Search

1,611 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.8CVE-2026-9082⚠ KEVEPSS 13.0%Drupal Core SQL Injection Vulnerability5/20/2026
CRITICAL9.6CVE-2026-45321⚠ KEVEPSS 17.1%Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys5/12/2026
CRITICAL9.8CVE-2026-42208⚠ KEVEPSS 56.9%LiteLLM has SQL Injection in Proxy API key verification4/24/2026
HIGH7.8CVE-2026-31431⚠ KEVEPSS 2.2%Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability4/22/2026
CRITICAL9.8CVE-2026-39987⚠ KEVEPSS 82.2%Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass4/8/2026
HIGH8.8CVE-2026-34197⚠ KEVEPSS 83.5%Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans4/7/2026
HIGH8.8CVE-2026-5281⚠ KEVEPSS 0.65%Google Dawn Use-After-Free Vulnerability4/1/2026
—CVE-2026-33634⚠ KEVEPSS 29.4%Trivy ecosystem supply chain was briefly compromised3/30/2026
CRITICAL9.8CVE-2026-33017⚠ KEVEPSS 24.0%Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint3/17/2026
HIGH8.8CVE-2026-3910⚠ KEVEPSS 3.2%Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability3/13/2026
HIGH8.8CVE-2026-3909⚠ KEVEPSS 0.45%chromium - security update3/13/2026
HIGH8.8CVE-2026-2441⚠ KEVEPSS 23.1%Google Chromium CSS Use-After-Free Vulnerability2/13/2026
CRITICAL9.8CVE-2026-24061⚠ KEVEPSS 91.5%inetutils - security update1/21/2026
CRITICAL9.9CVE-2025-68613⚠ KEVEPSS 65.8%n8n Vulnerable to Remote Code Execution via Expression Injection12/22/2025
HIGH7.5CVE-2025-14847⚠ KEVEPSS 55.8%Zlib compressed protocol header length confusion may allow memory read12/19/2025
MEDIUM6.1CVE-2025-68461⚠ KEVEPSS 6.9%RoundCube Webmail Cross-site Scripting Vulnerability12/18/2025
HIGH8.8CVE-2025-43529⚠ KEVEPSS 0.16%Apple Multiple Products Use-After-Free WebKit Vulnerability12/17/2025
HIGH8.8CVE-2025-14174⚠ KEVEPSS 0.30%webkit2gtk - security update12/12/2025
—CVE-2025-8110⚠ KEVEPSS 17.7%Gogs vulnerable to a bypass of CVE-2024-55947 in gogs.io/gogs12/10/2025
HIGH8.8CVE-2025-34291⚠ KEVEPSS 32.7%Langflow CORS misconfiguration enables Account Takeover and RCE12/6/2025
CRITICAL10.0CVE-2025-55182⚠ KEVEPSS 82.0%React Server Components are Vulnerable to RCE12/3/2025
HIGH8.2CVE-2025-58360⚠ KEVEPSS 81.4%GeoServer is vulnerable to Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature11/25/2025
HIGH8.8CVE-2025-13223⚠ KEVEPSS 2.8%chromium - security update11/17/2025
HIGH8.8CVE-2023-43000⚠ KEVEPSS 0.03%Apple Multiple products Use-After-Free Vulnerability11/5/2025
CRITICAL9.8CVE-2025-11953⚠ KEVEPSS 20.1%@react-native-community/cli has arbitrary OS command injection11/3/2025

Page 1 of 65Next →